How Well Does CloudGuard IaaS Support Azure Security?

Check Point CloudGuard IaaS provides support for Microsoft Azure and hybrid cloud deployments, and thereby improves Azure security. This isn’t surprising, considering that Azure is a leading public cloud vendor and is trusted by 95% of Fortune 500 companies, most of which are also Check Point customers.

But how well does CloudGuard IaaS support Azure?

One way to answer this question is to refer back to Microsoft itself:

Reshmi Yandapalli, Principal Program Manager of Azure Networking, published a blog in February outlining considerations when building or choosing Azure security and networking services.

The blog is titled “Best practices to consider before deploying a network virtual appliance”. In the blog, Dr. Yandapalli defines a network virtual appliance (NVA) and outlines four best practices for networking and security ISVs like Check Point to improve the cloud experience for Microsoft Azure customers.

I reviewed the blog’s four best practices with the Check Point R&D team which is responsible for CloudGuard IaaS development and future roadmap. And this is what I learned:

According to Amir Kaushansky, Product Manager of CloudGuard IaaS, Check Point was the first vendor to be certified as compliant with Azure accelerated networking. Accelerated networking can be used to significantly improve performance and reduce latency, jitter, and CPU utilization.

Depending on workload and VM size, we have observed ~2-3X increased throughput as a direct result of Azure accelerated networking.

2. Multi-NIC support:

Each Azure VM type has one or more NICs (Network Interface Controllers). The article explains that using VMs with multiple NICs improves network traffic management via traffic isolation. For example, you can use one NIC for data plane traffic and one NIC for management plane traffic.

Kaushansky updates that CloudGuard IaaS supports this functionality with a standard load balancer via Azure Resource Manager deployment templates, which customers can use to deploy CloudGuard easily in High Availability mode.

4. Support for Virtual Machine Scale Sets (VMSS):

The article’s last best-practice recommendation is to use Azure Virtual Machine Scale Sets to provide high availability as well as the management and automation layers for Azure security, networking and other applications. This cloud-native functionality provides the right amount of IaaS resources depending on application needs at any given time.

Similarly to the previous best practice, customers can use a Azure Resource Manager deployment template to deploy CloudGuard in VMSS mode. Check Point recommends the use of VMSS for traffic inspection of inbound/outbound and East-West traffic.

As you can see, CloudGuard IaaS is compliant with all four of Microsoft’s best practices recommendations about how to build and deploy Azure network security solutions.

So if you are in the process of evaluating Azure security solutions:

Why not take advantage of a limited-time special offer from Microsoft and Check Point?